!!! Overview
[{$pagename}] ([KBA] or [Knowledge-Based Verification], [KBV]) is an [Authentication Method] and an [Authentication Factor].

!! Static [{$pagename}]
Static [{$pagename}] or [Identity questions] are nothing more than [Shared Secrets] and have been [deprecated] by [NIST.SP.800-63B].

!! Dynamic [{$pagename}]
Dynamic [{$pagename}] is a higher [level Of Assurance] that uses knowledge questions to verify each [Digital Identity], but does not require the person to have provided the questions and answers beforehand.

Dynamic [{$pagename}] questions are compiled from [Public data] and [private data] such as marketing data, credit reports, or [transaction] history.

To initiate the process, basic identification factors, such as name, address, and date of birth, must be provided by the consumer and checked with a [Verifier]. After the [Identity Proofing], questions are generated in real time from the data records corresponding to the [Digital Identity] provided.

Typically the knowledge needed to answer the questions is __not__ available in a person's wallet (some companies call them "out-of-wallet questions"), making it difficult for anyone other than the actual [Person] to know the answer and obtain access to secured information.

Generally, the period of time the person is given to respond to the questions and the number of attempts are limited to prevent answers from being researched.

Dynamic [{$pagename}] is employed in several different industries to verify the identities of [customers] as a means of [fraud] [prevention] and [compliance] adherence. Because Dynamic [{$pagename}] is not based on an existing relationship with a consumer, it gives businesses a way to have a higher [Identity Assurance Level] on the [Digital Identity] during [Credential Enrollment] or in a [Password Recovery] condition.

!! [NIST.SP.800-63-3] section 4.3.1 [Authenticators]
[{$pagename}], where the claimant is prompted to answer [questions|Identity questions] that are presumably known only by the claimant, also __does not__ constitute an acceptable secret for digital [authentication].

A [biometric] __also does not__ constitute a [secret]. Accordingly, these guidelines __only allow the use of [biometrics]__ for [authentication] when strongly bound to a physical [authenticator].

!! [Employee Badge]
Several [Organizational Entities|Organizational Entity] that [{$applicationname}] has done work with use [{$pagename}] on their [Help Desk] or [Password Management Applications] for [Credential Resets].

Often the answers to the [Identity questions] are readily available on the [Employee Badge], and perhaps the fact that [Bob] had a birthday last week is too.

[{$applicationname}] has long though

!! [Data Breaches|Data Breach]
With the many [Data Breaches|Data Breach], the [{$pagename}] systems that many organizations use have been compromised.

Asking a [customer] to verify their [Digital Identity] by confirming their former employers, addresses, or mother's birthday proves little when [attackers] know all that [data], plus what magazines they subscribe to and so forth.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
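
The response window and attempt limit described for dynamic KBA above, sketched as verifier-side logic. This is an added example, not code from this page or from any product; the class name, the two policy values and the sample questions are assumptions constructed for illustration.

```python
import hmac
import time
import unicodedata

MAX_ATTEMPTS = 2          # assumed policy value, not from the page
RESPONSE_WINDOW_S = 120   # assumed policy value, not from the page

# Constructed sample record (not real data).
SAMPLE = {"Which street did you live on in 2011?": "Maple Avenue",
          "Monthly payment on your auto loan?": "312"}


def _norm(answer: str) -> bytes:
    """Case- and whitespace-insensitive form of an answer for comparison."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode()


class KbaSession:
    """One dynamic KBA challenge: questions generated now, answered soon."""

    def __init__(self, expected: dict, now=time.monotonic):
        self._expected = {q: _norm(a) for q, a in expected.items()}
        self._now = now
        self._deadline = now() + RESPONSE_WINDOW_S
        self._attempts_left = MAX_ATTEMPTS
        self.state = "pending"   # pending | verified | locked | expired

    def submit(self, answers: dict) -> str:
        if self.state != "pending":
            return self.state            # terminal states never reopen
        if self._now() > self._deadline:
            self.state = "expired"       # too slow: answers may have been researched
            return self.state
        self._attempts_left -= 1
        ok = True
        for question, want in self._expected.items():
            got = _norm(answers.get(question, ""))
            # Check every answer, each in constant time; no early exit per question.
            ok &= hmac.compare_digest(got, want)
        if ok:
            self.state = "verified"
        elif self._attempts_left == 0:
            self.state = "locked"        # caller must fall back to another proofing path
        return self.state
```

A locked or expired session stays that way; a fresh challenge should draw different questions rather than replay the same set.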